
Virus Experience? Read mine here.

# 1  9/8/11 3:34 PM

Posts: 211
Redwessex
Man, 28
United Kingdom
Chichester
Such a tease

I was asked to write a forum post for this, so I thought I’d explain my experiences. If you saw my blog dated early September 2011, you’ll notice I got a virus from the site (because I disabled Safe-Messaging for legitimate links), not through any administration error or to do with the site itself, but I am a regular chatroom user and one of the chatrooms I used is “intelligent conversation”. Now, I suspected the item I downloaded was malware, I can’t conclusively prove it as nothing has shown up and I still don’t know if it is malware, but I am 99% certain it is.

The problems started when one user started like this

(user name): Hey! Check out my hot pics here: (web address to a rapidshare rar file).

I was a bit suspicious at first, so I downloaded the file and wondered what was in it. I know a lot about computers and I recently got a degree in computer games technologies on the programming side. So I was expecting anything, I thought at the time that 996kb was a bit too small for a load of pictures and thought there was a lot of code behind it. So I downloaded it and before I extracted it, I noticed something weird about the file, it’s marked as a JPG.EXE (WinRAR was reporting it as an exe.jpg, go figure). Ok, open it and see what happens, nothing, right, put it on the desktop and use Comodo’s sandbox utility… Oh dear, it doesn’t do anything, so I open it in a paint program thinking it was a jpeg. It is not a jpg, what I found out is that it does nothing.

10 minutes later, the fun started, someone attempted I suspect to gain access to my computer because the mouse became quite unresponsive, then I got 2 text boxes and thought “I’m taking the computer offline now!” and undid the network cable, then used Comodo to scan the hell out of the system, to which it found nothing, at the same time, I was trying to decompile the program to see what the hell it does. This is hard when you have no internet connection. So I gave up on that. Next thing I did when Comodo couldn’t find anything, I used another computer and downloaded the AVG Anti-Virus rescue disk, booted the PC from that (which for antique systems, may require a lot of fiddling around with the lower level system) to get it to work. You can download the CD from here:
http://www.avg.com/****-en/avg-rescue-cd

To use it, you need:
-    A blank CD
-    A CD writer (any CD drive that can write to a blank CD)
-    An ISO burning program like WinISO or ImgBurn (ImgBurn is free and can be found here: http://www.imgburn.com/). It all may look complicated but is in fact very easy to use.
-    A CD Drive on the other computer, so if your netbook or other computer doesn’t have one, you’re stuffed or you need to find an external drive.

When I started the computer, I let this run all night to scan for any infections, to which I had nothing that was suspicious, so I tried another tool, again, on the same computer, I went to Ubuntu’s website:  http://www.ubuntu.com/
Then I downloaded the live CD to that, there is an ISO you can download (like the steps above) which got me out of trouble, to which I downloaded and used these instructions (http://www.howtogeek.com/howto/14434/sc … u-live-cd/)

To which I needed to connect to the internet again, so I had to plug in my Ethernet cable, I then scanned and after that was largely clear (Apart from the malware I know about) I decided that the computer no longer had the virus and then removed the CD and booted back into windows.

You may want to know “Why did I use boot CDs?” Most modern boot CDs are based on an operating system known as Linux, this is one of the main competitors to what you are used to for most of you, that is Mac and Windows. Unlike Windows, Linux has far fewer viruses for it, for 2 reasons:

Firstly, the reason that viruses need to go through the elevated permissions hurdle (You have to log in as Super User every time to make a system change, ****.****. deleting a system file – one which would throw a system into instability if removed if the user didn’t know what they were doing)


Secondly, why bother when most computers run Windows? Surely, you’d make much more of an impact by writing and exploiting Windows computers.



The irony is, Mac users use a similar operating system, known as Unix, the Mac one I believe (known as OSX), is heavily modified and in reality, Unix came before Linux, Linux is an operating system that used Unix commands, but I believe works differently. Basically, it’s Unix-like. Interestingly, Linux actually was a play on the coder’s name, Linus Torvalds!

Now, if you ever get this problem, like I did, I’ve just given you some ideas of what to do. The big thing is DON’T PANIC! If you stop and think, you get out of trouble far easier and limit the damage. First thing to do, isolate the computer as soon as you find out if you have a virus, why? Because viruses replicate over a local area network, therefore, one computer with a virus can turn into an infestation, although you might be a bit too late anyway.

Secondly, scan, scan and scan.

Thirdly, try something else, update it then scan, scan, scan. If you can’t find anything, see what happens when you go back into Windows and keep a close eye on things. Should you notice any abnormal behaviour on your online accounts, CHANGE YOUR PASSWORDS! If you can’t, get hold of helpdesk and say that your account has been compromised and that you need to change your password as someone else has it.

Fourthly, for this site, if you don't know the link A) Don't touch it, B) Put Safe-Messaging back on!

That should keep you out of trouble where possible. It’s just a bit of logic at the end of the day. (Obviously, if you suspect that the computer you are using has malware on it that will “steal” your passwords, use another computer.)
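The file in this post carried an image name but was a program. As an added example (not part of the original post; the function names, extension lists and sample file names are assumptions constructed for illustration), this Python check flags a double extension and compares a file's leading bytes with what its extension claims, without opening or running the file:

```python
import os

# Extensions Windows runs directly (a common, non-exhaustive set).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Harmless-looking extensions a lure tends to place before the real one.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}
# What the leading bytes should identify for each image extension.
EXPECTED_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
# Leading "magic" bytes. "MZ" is only two bytes, so treat a hit as a
# strong hint rather than proof.
MAGIC = {
    b"MZ": "windows-executable",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
}


def sniff(header: bytes) -> str:
    """Name the format suggested by the first bytes of a file."""
    for magic, kind in MAGIC.items():
        if header.startswith(magic):
            return kind
    return "unknown"


def inspect(name: str, header: bytes) -> list[str]:
    """Return findings for a file name plus the first bytes of its content."""
    findings = []
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]        # extension hidden before the last one
    kind = sniff(header)
    if last in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double-extension")
    if kind == "windows-executable" and last not in EXECUTABLE_EXTS:
        findings.append("executable-content-under-other-extension")
    elif last in EXPECTED_KIND and kind != EXPECTED_KIND[last]:
        findings.append("content-does-not-match-extension")
    return findings


def inspect_file(path: str) -> list[str]:
    """Read only the first 8 bytes of a file on disk and inspect it."""
    with open(path, "rb") as fh:
        return inspect(os.path.basename(path), fh.read(8))


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of content).
    samples = [
        ("hot_pics.jpg.exe", b"MZ\x90\x00\x03"),
        ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("photo.jpg", b"MZ\x90\x00"),
    ]
    for name, header in samples:
        print(name, inspect(name, header) or "ok")
```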

# 2  9/8/11 3:38 PM

Posts: 9237
aries51
Woman, 56
United Kingdom
****
Right goer

I did say I was an idiot where this is concerned, and this posting has just confirmed it

# 3  9/8/11 4:13 PM

Posts: 211
Redwessex
Man, 28
United Kingdom
Chichester
Such a tease

aries51 wrote:

I did say I was an idiot where this is concerned, and this posting has just confirmed it

Hopefully it was helpful, no one is an idiot, it's the fact that sometimes, we need to research and learn new problems, it's like climbing a mountain, everything has a learning curve, including ****.

# 4  9/8/11 4:16 PM

Posts: 9237
aries51
Woman, 56
United Kingdom
****
Right goer

Yes of course, but from someone who can just about email ... it's meaningless. I do have spy ware on here of course, I just have to hope that does the trick.

I'm afraid when I went to school all we had was an abacus ...

# 5  9/8/11 4:54 PM

Posts: 32591
DD_67
Woman, 47
Ireland
****
Love expert

Thanks Red. I think that will be very helpful to a lot of people, and as soon as I can get hold of Dave, I'll ask him to pin it in the help section. I can't believe you rewrote it all over again. I didn't mean for you to go to all that bother. Thought you'd just copy and paste it.

Thank you very much

# 6  9/8/11 5:49 PM

Posts: 11001
bustymalone
Woman, 55
United Kingdom
Dartford
Thoroughly indecent

Thank you so much for taking the time and the effort to post constructive info... you sound a patient loving guy, let's have some fun together

# 7  9/8/11 6:45 PM

Posts: 10322
honey-me
Woman, 56
United Kingdom
Welwyn Garden City
Thoroughly indecent

aries51 wrote:

Yes of course, but from someone who can just about email ... it's meaningless. I do have spy ware on here of course, I just have to hope that does the trick.

I'm afraid when I went to school all we had was an abacus ...

Never even had that, I can't count past 10!! lol lol 20 if I use my toes lol

# 8  9/8/11 7:12 PM

Posts: 211
Redwessex
Man, 28
United Kingdom
Chichester
Such a tease

DD_67 wrote:

Thanks Red. I think that will be very helpful to a lot of people, and as soon as I can get hold of Dave, I'll ask him to pin it in the help section. I can't believe you rewrote it all over again. I didn't mean for you to go to all that bother. Thought you'd just copy and paste it.

Thank you very much

It's not much of a problem, it's to make it easier for everyone to understand. Of course, if you do find a virus, you need to remove it, that's not too hard, most virus programs will allow you to remove it. However, should you not have one, go on the net, type the virus name, ****.****. win32.blaster.worm (remember that virus? It hit the headlines not so long ago.). Some viruses are **** easy to remove, just set a program to remove and BOP, there they are gone. Some? Oh, lots harder, but there are specific instructions. For example, you may need to do a lot of low level tasks, I've been trying to find an example, but I can't. On the other hand, you may need to use specific tools to remove it.

So if you get a virus, check out its name and find out how you remove it.

EDIT: Security tips, I've got a fair few of them, for local and remote reasons. Yes, it's possible to access your PC from anywhere, I've got that set up on my server. So, basics, have a password where possible on your computer, it will help you massively oh and password protect the administrator account for better protection. You could disable it altogether however.

Use a firewall, yes, they are a pain, I know, but without that protection, unwanted traffic does go in and out of your PC without you knowing. For firewalls to be effective, you need to learn your programs as well and play the "spot the suspicious one". For some that are free, there's Comodo Internet Security: http://personalfirewall.comodo.com and http://www.zonealarm.com/ . Obviously there is the Microsoft one as well, which is built into XP after Service Pack 2, however, I would have another one just in case. There are other options if you look, I wanted to see how good Windows XP firewall is, which was supposed to be better than nothing as it filters inbound traffic (this may have changed) and one that came up is Outpost: http://free.agnitum.com/

Keep your virus database up to date

Keep your web browser up to date. I use IE for most of my browsing as most of the stuff I use is compatible with IE. An example is below. Don't worry, it's a VRML world, which shouldn't be too much of a problem for anyone. You need to download a plug in to see it which is up to you really. (Cortona3D viewer here: http://www.cortona3d.com/Products/Corto … iewer.aspx )

(Link to VRML file)

Now, I added the above as you may want to consider compatibility of plug-ins, which is yet another security hole as well. IE seems to be the most compatible web browser for most sites. Apparently, it is recommended that you browse this site with Firefox.... (of which I hate Firefox with a passion, it's resource hungry, not logically thought out for my liking and well, don't get me started. I'll leave it at that as that's my opinion.)
Research is the key here.

Know your PC well, get to know when it's going to go absolutely nuts and if you see anything unusual, STOP!

Use User Account Control in Vista and Windows 7, it makes the computer more secure.

If you aren't happy with Windows, depart from it altogether, try Linux, like Ubuntu (www.ubuntu.com) or SuSE (www.opensuse.org)

Most importantly, don't freak out and do some research, there are lots of areas about PC security, some I don't know of or even just know the basics, there are lots lots more to learn.

# 9  9/8/11 7:23 PM

Posts: 9237
aries51
Woman, 56
United Kingdom
****
Right goer

Redwessex wrote:

DD_67 wrote:

Thanks Red. I think that will be very helpful to a lot of people, and as soon as I can get hold of Dave, I'll ask him to pin it in the help section. I can't believe you rewrote it all over again. I didn't mean for you to go to all that bother. Thought you'd just copy and paste it.

Thank you very much

It's not much of a problem, it's to make it easier for everyone to understand. Of course, if you do find a virus, you need to remove it, that's not too hard, most virus programs will allow you to remove it. However, should you not have one, go on the net, type the virus name, ****.****. win32.blaster.worm (remember that virus? It hit the headlines not so long ago.). Some viruses are **** easy to remove, just set a program to remove and BOP, there they are gone. Some? Oh, lots harder, but there are specific instructions. For example, you may need to do a lot of low level tasks, I've been trying to find an example, but I can't. On the other hand, you may need to use specific tools to remove it.

So if you get a virus, check out its name and find out how you remove it.

The viruses we have come across are ones asking you to install stuff ... i.e. wanting credit card details ...

Another warning is my **** downloaded something off YouTube and got one. Told we were unlucky, but if you go around downloading unfamiliar things then I guess it's always a risk. The download off YouTube managed to overcome McAfee so not sure what the answers are ... Basically, that's why I don't touch anything, and probably explains why I don't trust the site here enough to download stuff following emails sent to my Church going sister in law of people having **** ...

# 10  9/8/11 8:21 PM

Posts: 1564
davej9876
Man, 53
United Kingdom
Thurrock
Wicked charmer

Another tip would be to check the guest account is disabled (should be by default) and then rename it to some random word. Then rename the admin user so it isn't "Administrator" which is the obvious one someone will be trying to break into.

Funny though Red, and no personal slight intended, but it's amazing how many "computer experts" fall foul of that sort of lure, especially Windows experts. That's how previous ones like "I love you", Sasser etc spread so fast.

Most obvious tips

Enforce passwords on all accounts, mix of letters, numbers and allowable symbols, 8 characters or more.
And change them regularly.

Never download files except from a trusted source, especially not .exe .rar .com etc type files.

Never **** trust your trusted source, they could have been infected and then so will you be.

Don't just click on a link in email or websites, hover the mouse over it and see what the url reads. It might LOOK like it's from your bank/paypal/whatever, but the url will be pretty obviously not.

If you think something doesn't seem right (about a url, web page etc), then STOP! Do not click anything else except the big red "****" to close the browser. Remember, if something seems too good to be true, it most likely is.

Get a decent Anti-Virus program, loads are free but some aren't that good. Microsoft do one for free now (Microsoft Security Essentials) tho I can't say if it's any good, time will tell. **** in mind that some of these tools WILL cause you problems that can be worse than getting a virus (Norton was a classic for that).

Don't disable the anti-virus or firewall on your PC, even briefly, unless you have a valid reason to do so. You can check how well your PC is secured from outside access by running a tool like Shields-up!

Safe browsing everyone

# 11  9/10/11 11:42 PM

Posts: 32591
DD_67
Woman, 47
Ireland
****
Love expert

Woohoo

I've just discovered that Weekend_Mod pinned this at my request.  Thank you cutie

# 12  9/11/11 1:15 AM

Posts: 1586
redman63
Man, 50
United Kingdom
Kettering
Wicked charmer

Dave, good advice. Touch wood I've not been infected for eight years, apart from on a test machine, designed to pick up any weirdness floating around a network I've been running.

The most important thing is always have your anti virus on and up to date when you download files from the internet.

NEVER download a file that someone offers you out of the blue, unless it's someone you know well and it's something you've discussed beforehand.

If your Bank sends you a file, IT'S NOT YOUR BANK, they don't do that.

If the pretty 20 year old sends you a pile of pictures in a zipped file, think for a second, how many 20 year olds send piles of pictures to random older men, and how much more likely is it that it's actually a hairy Ukrainian gangster who actually wants his wicked way with your credit cards before you open the file?

# 13  2/15/13 7:17 PM

Posts: 2866
Welshman65
Man, 48
United Kingdom
Port Talbot
Seduction guru

I don't know if you are aware that if you use online banking almost all banks will provide you with FREE anti-virus programs, which one depends on the bank. For example if you use HSBC, once you have logged on, somewhere on the page there is a link giving you free McAfee anti virus for a year, once it is about to expire do it again, but use a different email address (any free one you set up will do) and .... you get another year free!

# 14  5/29/13 6:28 AM

smalldude1234
Man, 41
Australia
Edinburgh
Naughty newbie

You are a computer savvy guy and got stung by a very obvious spammer?

# 15  7/1/14 3:48 AM

Posts: 243
DavidCommaGeek
Man, 84
United States
Riverside
Such a tease

As far as anti-malware programs go, I use AVG regularly, and I would also recommend Spybot: Search and Destroy. It's geared to remove things like tracking cookies and keyloggers, and it comes with an "immunization" option to help protect against untrustworthy sites. You can get a free version that still works pretty well, and I can get a link to the site if it's not a problem.
